﻿
 <!--#include file="includes/database.asp" -->

  <%   

   ' Returns the query-string value named by str with every single quote
   ' removed, or "" when the parameter is absent or empty.
   '
   ' NOTE(review): removing quotes is a blacklist filter, not a SQL-injection
   ' defence. Callers that put the result into SQL text should bind it as a
   ' parameter instead of relying on this function.
   Function GetQueryString(str)
      Dim strRaw
      strRaw = Request.QueryString(str)

      GetQueryString = ""
      If strRaw <> "" Then GetQueryString = Replace(strRaw, "'", "")
   End Function
      
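  ' Availability check for the card number supplied in the "q" query-string
  ' parameter. Sets two flags that the response section further down reads:
  '   blnCheckUserNumber - True when the input is NOT numeric (left Empty otherwise)
  '   blnCheckUserOK     - True while the number is acceptable and not yet in KHACHHANG
  '
  ' NOTE(review): the reply tells any caller whether a given card number is
  ' already registered. Confirm the page is rate-limited or otherwise
  ' protected against bulk enumeration of card numbers.
  Dim strUsernameX
  Dim blnCheckUserOK
  Dim blnCheckUserNumber
  Dim cmdCardLookup

  blnCheckUserOK = True

  strUsernameX = TRIM(GetQueryString("q"))
  ' GetQueryString has already removed every single quote, so this
  ' un-doubling cannot match anything; kept so the input handling is unchanged.
  strUsernameX = Replace(strUsernameX, "''", "'", 1, -1, 1)

  ' IsNumeric is a loose test: it also accepts signs, decimal separators,
  ' exponent and hex notation. NOTE(review): if card numbers are digits only,
  ' consider a stricter digits-only check here.
  If isNumeric(strUsernameX) = False Then
    blnCheckUserNumber = True
  Else

    IF LEN(strUsernameX) <= 2 THEN blnCheckUserOK = False
    IF InStr(1, strUsernameX, "admin", vbTextCompare) THEN blnCheckUserOK = False

    ' The request value is bound as a parameter rather than concatenated into
    ' the SQL text, so the query no longer depends on the quote stripping and
    ' the IsNumeric test above to stay well-formed.
    strSQL = "SELECT CardNumber FROM KHACHHANG WHERE CardNumber=?"

    Set cmdCardLookup = Server.CreateObject("ADODB.Command")
    ' adoCon comes from outside this file view; accept either a Connection
    ' object or a connection string, as Recordset.Open did before.
    If IsObject(adoCon) Then
      Set cmdCardLookup.ActiveConnection = adoCon
    Else
      cmdCardLookup.ActiveConnection = adoCon
    End If
    cmdCardLookup.CommandType = 1   ' adCmdText
    cmdCardLookup.CommandText = strSQL
    ' 200 = adVarChar, 1 = adParamInput; the value is non-empty here because
    ' IsNumeric("") is False, so Len() is a valid parameter size.
    cmdCardLookup.Parameters.Append cmdCardLookup.CreateParameter("CardNumber", 200, 1, Len(strUsernameX), strUsernameX)

    ' 3 = adOpenStatic, 1 = adLockReadOnly (same cursor and lock as before).
    ' The connection argument is omitted because the Command already carries it.
    rsCommon.Open cmdCardLookup, , 3, 1
    IF Not(rsCommon.EOF) THEN blnCheckUserOK = False
    rsCommon.Close
    Set cmdCardLookup = Nothing

    ' NOTE(review): closeDatabase is defined outside this file view and is
    ' reached only on the numeric path - confirm nothing is left open when
    ' the input is rejected as non-numeric.
    Call closeDatabase()

  End If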

	' Write the status fragment (icon + message) for the card-number check.
	' Only fixed text is written; the request value is never echoed back.
	Select Case True
		Case blnCheckUserNumber
			' Input was not numeric.
			Response.Write "&nbsp;<IMG SRC=""images/no_1.png""/>&nbsp;" & "Mã số thẻ phải là số"

		Case blnCheckUserOK
			' Card number passed the checks and is not registered yet.
			Response.Write "&nbsp;<IMG SRC=""images/yes_1.png"" />&nbsp;" & "Bạn có thể sử dụng Mã số thẻ này"

		Case Else
			' Every other case where blnCheckUserOK ended up False.
			Response.Write "&nbsp;<IMG SRC=""images/no_1.png""/>&nbsp;" & "Mã số thẻ đã sử dụng"
	End Select
	  
  
  %>   